CVE-2024-26705 in Linuxinfo

Summary

by MITRE • 04/03/2024

In the Linux kernel, the following vulnerability has been resolved:

parisc: BTLB: Fix crash when setting up BTLB at CPU bringup

When using hotplug and bringing up a 32-bit CPU, ask the firmware about the BTLB information to set up the static (block) TLB entries.

For that write access to the static btlb_info struct is needed, but since it is marked __ro_after_init the kernel segfaults with missing write permissions.

Fix the crash by dropping the __ro_after_init annotation.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 08/11/2025

The vulnerability CVE-2024-26705 affects the Linux kernel's handling of block translation lookaside buffer (BTLB) setup during CPU bringup operations on 32-bit parisc architecture systems. This issue specifically manifests when utilizing hotplug functionality to bring up additional CPUs, creating a critical condition that can lead to system crashes and potential denial of service. The flaw occurs in the kernel's memory management subsystem where the system attempts to configure static BTLB entries through firmware interaction, requiring write access to a data structure that has been incorrectly marked as read-only after initialization.

The technical root cause stems from the improper memory protection annotation of the btlb_info structure within the parisc architecture implementation. When a 32-bit CPU is brought online through hotplug mechanisms, the kernel must query firmware for BTLB configuration information to establish static translation lookaside buffer entries. However, the btlb_info structure is marked with the __ro_after_init attribute which prevents write operations once the kernel has completed its initialization phase. This creates a direct conflict where the legitimate runtime requirement for modifying this structure conflicts with the memory protection mechanism that was intended to prevent unauthorized modifications after boot.

The operational impact of this vulnerability extends beyond simple system instability to potentially compromise the reliability of systems that rely on dynamic CPU management capabilities. Systems utilizing hotplug functionality for 32-bit parisc processors may experience unexpected kernel panics or segmentation faults when attempting to bring up additional CPUs, effectively rendering the hotplug feature non-functional and potentially causing complete system crashes. This vulnerability particularly affects enterprise servers and high-availability systems that depend on dynamic CPU scaling and bringup operations, as it directly impacts the kernel's ability to manage hardware resources during runtime.

Security implications of this vulnerability align with CWE-284 Access Control and CWE-122 Buffer Overflow, as the improper memory protection mechanism creates an access control violation that leads to memory corruption. From an ATT&CK framework perspective, this vulnerability maps to T1499.004 Endpoint Denial of Service and T1068 Local Privilege Escalation, as the crash condition can be exploited to cause system instability and potentially provide a pathway for privilege escalation within the kernel space. The fix implemented addresses this by removing the __ro_after_init annotation from the btlb_info structure, allowing the necessary write operations to proceed during CPU bringup while maintaining appropriate memory protection for other runtime operations.

The mitigation strategy involves applying the kernel patch that removes the incorrect memory protection annotation from the btlb_info structure, enabling proper write access during firmware interaction for BTLB setup. This fix ensures that legitimate runtime modifications can occur while preserving the overall memory safety mechanisms of the kernel. System administrators should prioritize applying this update to all affected parisc-based systems, particularly those utilizing hotplug functionality, to prevent potential system crashes and maintain operational stability. The vulnerability demonstrates the importance of careful memory protection annotation in kernel code and highlights the need for thorough testing of dynamic hardware management features in embedded and server environments.

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!